Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Donate Today!

Do you enjoy these
technical forums?
Donate Today! Click Here

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

how to route 2 internet providersHelpful Member!(3) 

luisc2004 (IS/IT--Management) (OP)
30 Mar 04 13:13
HI!, I´m new with Cisco. I´ve a 2611 router with 4 Ethernet interfaces.
Interfase 1, connects the LAN.
Interfase 2, connects to the Internet provider, so the default route, points to that interfase.
Interfase 3, connects to a WAN (wireless).

Now, we´ve suscribed to a second Internet provider, connected to Interfase 4.

I would like to configure the router so some computers may surf with provider A (interfase 1) and the other computers may surf with provider B (interfase 4).

Any help will bi appreciated.

TIA,

Luis (luis-carrizo@grupovierci.com)
Helpful Member!  pmesjar (TechnicalUser)
30 Mar 04 13:24
I think in your case configuring another default route pointing to interface 4 should be enough. Just make sure you configure it the same way as the first one (but change the interface), eg:

ip route 0.0.0.0 0.0.0.0 ethernet2
ip route 0.0.0.0 0.0.0.0 ethernet4

then check you routing table using "show ip route". Router will add both of these routes into its routing table and will automatically try to load-balance per destination. However if you need strict policy that this half of users must go this way and other half must go that way, you will need to dig a little deeper into Cisco router configuration and configure Policy Based Routing.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing."

Helpful Member!(2)  gconnect (MIS)
30 Mar 04 14:58
pmesjar is right, but one more thing
MAKE SURE that you turn off route caching/fast switching,

CODE

 interface INTERNET1
   no ip route-cache

 interface INTERNET2
   no ip route-cache

because if you do not the traffic WILL NOT be load balanced correctly. Once a destination is learned out of one interface all subsequent traffic will keep going out that interface without a route table lookup. Once you turn that off, traffic will be truly load balanced.
Policy Based Routing is pretty simple, if you have anymore questions.........holler


-gC_
luisc2004 (IS/IT--Management) (OP)
30 Mar 04 15:52
Peter: thaks you for your help, but we need to specify that certain users go by one ISP and other user go by the other.
How complex is the configuration for Policy Based routing?

Best regards,
Luis
luisc2004 (IS/IT--Management) (OP)
30 Mar 04 16:02
Gc: thanks for your reply. I´ll really want to hear more about Plicy bases routing. Would you please send me more information?

TIA

Luis
gconnect (MIS)
30 Mar 04 17:11
sure, lets say you have a network that consist of 2 internal subnets and all internet traffic from 1 is to leave out one Internet interface and traffic from the other should leave out the other Internet interface

subnet1 - 10.1.1.0/25  (10.1.1.1-126)
subnet2 - 10.1.1.128/25 (10.1.1.129-254)

CODE

First configure ACL's that define what traffic to be acted upon
.......Don't apply the policy to internal traffic (deny)
.......Apply it to everything else (permit)
access-list 101 deny ip 10.1.1.0 0.0.0.127 10.1.1.128 0.0.0.127
access-list 101 permit ip 10.1.1.0 0.0.0.127 any

access-list 102 deny ip 10.1.1.128 0.0.0.127 10.1.1.0 0.0.0.127
access-list 102 permit ip 10.1.1.128 0.0.0.127 any

.......Define the policy globally
ip local-policy ENGINEERTRAFFIC route-map MAKEITHAPPEN

.......Define the Actual Policy
route-map MAKEITHAPPEN permit 10
 match ip address 101
 set ip next-hop IPofROUTERhangingOFFfirstINETinterface
   "you could also use 'set interface'"

route-map MAKEITHAPPEN permit 20
 match ip address 102
 set ip next-hop IPofROUTERhangingOFFsecondINETinterface
   "you could also use 'set interface'"

.........Bind All the stuff to the input interface
interface LAN
 ip policy route-map MAKEITHAPPEN
 no ip route-cache (if IOS before 12.1)
 -or-
 ip route-cache policy (if 12.1 and up)

some info......
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d1.html#1000990

http://www.cisco.com/en/US/tech/tk364/tk871/technologies_configuration_example09186a00801f3b54.shtml

-gC-
pmesjar (TechnicalUser)
31 Mar 04 6:57
Gconnect... first I was wondering why you did put those deny entries in the route-map acls... and then I got it! We surely don't need to route traffic between our two subnets via ISPs:)

If I was writing that configuration, I would certainly forget adding those two permit statements into acls. Thanks for refreshing my routing know-how:)

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing."

Narizz28 (MIS)
31 Mar 04 19:13
hehehe, Nothing like accidentally becoming a MAE!
luisc2004 (IS/IT--Management) (OP)
19 Apr 04 9:45
Gconnect: thank syou for your help! I tried the PBR configuration, but I have this question: Do I have to configure a default static route, pointing to one of the ISP? (like ip route 0.0.0.0 0.0.0.0 66.110.105.73 )

I´ve tried without a default route and no traffic is routed to the Internet.

Then we tried with a double default route, but we found  perfomance issues (there were lost packets).

T.I.A.

Luis
pmesjar (TechnicalUser)
19 Apr 04 14:43
The performance issues were not because you set up the default routes. That was something you needed to do. I think your performance issues were caused by command "no ip route-cache", which turned off fast-switching of IP packets on the interfaces, as gconnect suggested. Probably your router experienced heavy traffic load and with fast switching turned off, every packet needed to be examined by router's CPU in order to get it forwarded, and teh router simply didn't catch up.

If you turn fast switching back on, your router will do less in terms of load-balancing, but you will offload router's CPU from examining every packet.

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing."

mikes999 (MIS)
6 Sep 04 17:05
Hello, folks;

I am reading all the forums I can find since I have similar problem: two ISP routers, two PIXs, one Catalyst 4006 which is routing traffic for the whole company. Adding default static to "new" ISP pretty much shuts down all Internet traffic, even if I tag links with different weight. "no ip route-cache" line is of no help either.

I have a heluva subnets, and I am not inclined at the time to go with PBR; what I need is a basic functionality (load balancing would be nice, though...).

The problem is - 4006 is the only one of a kind I've got, and playing with routing on live network doesn't raise my popularity with users...

Here is the layout:

ISP(old)   ISP(new)
   \          /
    \        /
     |       |
   PIXold PIXnew
     \       /
   (static) (no route)
      \     /
    Catalyst4006
      /     \
  (OSPF)   (OSPF)
    /        \
  Core1     Core2
    \        /
     \      /
     INTRANET

Looks simple. But doesn't work...

BTW: when I tryed to learn gateway routs via OSPF (enabling on PIX), the effecy is the same: external routing shuts down.

Any help greatly appreciated.

Thanks,

M.S.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close